The Chaos Computer Club in Germany has released an advisory and a demonstration of a vulnerability for a whole range of Nokia cellphones using the Symbian 60 OS. The exploit is called Curse of Silence, because an SMS silently entering your cellphone makes it impossible to receive SMS or MMS’s until the phone is restored to factory default (by entering "*#7370#"). The vulnerability works thus:
Emails can be sent via SMS by setting the messages Protocol Identifier to "Internet Electronic Mail" and formatting the message like this:
Example: "firstname.lastname@example.org " (including space)
If such messages contain an <email-address> with more than 32 characters, S60 2.6, 2.8, 3.0 and 3.1 devices are not able to receive other SMS or MMS messages anymore. 2.6 and 3.0 devices lock up after only one message, 2.8 and 3.1 devices after 11 messages.
See the advisory below for technical details. AFAIK there’s no firmware available yet from Nokia’s Device software update page that will fix the vulnerability, although the CCC did notify the manufacturers as the nice white hats they are.